diff options
Diffstat (limited to 'recipes/ca-certificates')
5 files changed, 226 insertions, 0 deletions
diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch new file mode 100644 index 0000000..4b4b287 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch | |||
@@ -0,0 +1,30 @@ | |||
1 | ca-certificates is a package from Debian, but some host distros such as Fedora | ||
2 | have a leaner run-parts provided by cron which doesn't support --verbose or the | ||
3 | -- separator between arguments and paths. | ||
4 | |||
5 | This solves errors such as | ||
6 | |||
7 | | Running hooks in [...]/rootfs/etc/ca-certificates/update.d... | ||
8 | | [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found | ||
9 | |||
10 | Upstream-Status: Inappropriate | ||
11 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
12 | --- | ||
13 | sbin/update-ca-certificates | 4 +--- | ||
14 | 1 file changed, 1 insertion(+), 3 deletions(-) | ||
15 | |||
16 | Index: git/sbin/update-ca-certificates | ||
17 | =================================================================== | ||
18 | --- git.orig/sbin/update-ca-certificates | ||
19 | +++ git/sbin/update-ca-certificates | ||
20 | @@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ] | ||
21 | then | ||
22 | |||
23 | echo "Running hooks in $HOOKSDIR..." | ||
24 | - VERBOSE_ARG= | ||
25 | - [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" | ||
26 | - eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook | ||
27 | + eval run-parts --test -- "$HOOKSDIR" | while read hook | ||
28 | do | ||
29 | ( cat "$ADDED" | ||
30 | cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." | ||
diff --git a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch new file mode 100644 index 0000000..792b403 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001 | ||
4 | From: Andreas Oberritter <obi@opendreambox.org> | ||
5 | Date: Tue, 19 Mar 2013 17:14:33 +0100 | ||
6 | Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT | ||
7 | |||
8 | Signed-off-by: Andreas Oberritter <obi@opendreambox.org> | ||
9 | --- | ||
10 | sbin/update-ca-certificates | 14 +++++++------- | ||
11 | 1 file changed, 7 insertions(+), 7 deletions(-) | ||
12 | |||
13 | Index: git/sbin/update-ca-certificates | ||
14 | =================================================================== | ||
15 | --- git.orig/sbin/update-ca-certificates | ||
16 | +++ git/sbin/update-ca-certificates | ||
17 | @@ -24,12 +24,12 @@ | ||
18 | verbose=0 | ||
19 | fresh=0 | ||
20 | default=0 | ||
21 | -CERTSCONF=/etc/ca-certificates.conf | ||
22 | -CERTSDIR=/usr/share/ca-certificates | ||
23 | -LOCALCERTSDIR=/usr/local/share/ca-certificates | ||
24 | +CERTSCONF=$SYSROOT/etc/ca-certificates.conf | ||
25 | +CERTSDIR=$SYSROOT/usr/share/ca-certificates | ||
26 | +LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates | ||
27 | CERTBUNDLE=ca-certificates.crt | ||
28 | -ETCCERTSDIR=/etc/ssl/certs | ||
29 | -HOOKSDIR=/etc/ca-certificates/update.d | ||
30 | +ETCCERTSDIR=$SYSROOT/etc/ssl/certs | ||
31 | +HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d | ||
32 | |||
33 | while [ $# -gt 0 ]; | ||
34 | do | ||
35 | @@ -92,9 +92,9 @@ add() { | ||
36 | PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \ | ||
37 | -e 's/[()]/=/g' \ | ||
38 | -e 's/,/_/g').pem" | ||
39 | - if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] | ||
40 | + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ] | ||
41 | then | ||
42 | - ln -sf "$CERT" "$PEM" | ||
43 | + ln -sf "${CERT##$SYSROOT}" "$PEM" | ||
44 | echo "+$PEM" >> "$ADDED" | ||
45 | fi | ||
46 | # Add trailing newline to certificate, if it is missing (#635570) | ||
diff --git a/recipes/ca-certificates/ca-certificates/default-sysroot.patch b/recipes/ca-certificates/ca-certificates/default-sysroot.patch new file mode 100644 index 0000000..f8b0791 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/default-sysroot.patch | |||
@@ -0,0 +1,50 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | update-ca-certificates: find SYSROOT relative to its own location | ||
4 | |||
5 | This makes the script relocatable. | ||
6 | |||
7 | Index: git/sbin/update-ca-certificates | ||
8 | =================================================================== | ||
9 | --- git.orig/sbin/update-ca-certificates | ||
10 | +++ git/sbin/update-ca-certificates | ||
11 | @@ -66,6 +66,39 @@ do | ||
12 | shift | ||
13 | done | ||
14 | |||
15 | +if [ -z "$SYSROOT" ]; then | ||
16 | + local_which () { | ||
17 | + if [ $# -lt 1 ]; then | ||
18 | + return 1 | ||
19 | + fi | ||
20 | + | ||
21 | + ( | ||
22 | + IFS=: | ||
23 | + for entry in $PATH; do | ||
24 | + if [ -x "$entry/$1" ]; then | ||
25 | + echo "$entry/$1" | ||
26 | + exit 0 | ||
27 | + fi | ||
28 | + done | ||
29 | + exit 1 | ||
30 | + ) | ||
31 | + } | ||
32 | + | ||
33 | + case "$0" in | ||
34 | + */*) | ||
35 | + sbindir=$(cd ${0%/*} && pwd) | ||
36 | + ;; | ||
37 | + *) | ||
38 | + sbindir=$(cd $(dirname $(local_which $0)) && pwd) | ||
39 | + ;; | ||
40 | + esac | ||
41 | + prefix=${sbindir%/*} | ||
42 | + SYSROOT=${prefix%/*} | ||
43 | + if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then | ||
44 | + SYSROOT= | ||
45 | + fi | ||
46 | +fi | ||
47 | + | ||
48 | if [ ! -s "$CERTSCONF" ] | ||
49 | then | ||
50 | fresh=1 | ||
diff --git a/recipes/ca-certificates/ca-certificates/sbindir.patch b/recipes/ca-certificates/ca-certificates/sbindir.patch new file mode 100644 index 0000000..a113fa8 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/sbindir.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Let us alter the install destination of the script via SBINDIR | ||
4 | |||
5 | --- ca-certificates-20130119.orig/sbin/Makefile | ||
6 | +++ ca-certificates-20130119/sbin/Makefile | ||
7 | @@ -3,9 +3,12 @@ | ||
8 | # | ||
9 | # | ||
10 | |||
11 | +SBINDIR = /usr/sbin | ||
12 | + | ||
13 | all: | ||
14 | |||
15 | clean: | ||
16 | |||
17 | install: | ||
18 | - install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ | ||
19 | + install -d $(DESTDIR)$(SBINDIR) | ||
20 | + install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ | ||
diff --git a/recipes/ca-certificates/ca-certificates_20150426.bb b/recipes/ca-certificates/ca-certificates_20150426.bb new file mode 100644 index 0000000..716e3df --- /dev/null +++ b/recipes/ca-certificates/ca-certificates_20150426.bb | |||
@@ -0,0 +1,80 @@ | |||
1 | SUMMARY = "Common CA certificates" | ||
2 | DESCRIPTION = "This package includes PEM files of CA certificates to allow \ | ||
3 | SSL-based applications to check for the authenticity of SSL connections. \ | ||
4 | This derived from Debian's CA Certificates." | ||
5 | HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" | ||
6 | SECTION = "misc" | ||
7 | LICENSE = "GPL-2.0+ & MPL-2.0" | ||
8 | LIC_FILES_CHKSUM = "file://debian/copyright;md5=48d2baf97986999e776b43c8dd9e0c5a" | ||
9 | |||
10 | # This is needed to ensure we can run the postinst at image creation time | ||
11 | DEPENDS = "ca-certificates-native" | ||
12 | DEPENDS_class-native = "" | ||
13 | |||
14 | # tag: debian/20150426 + 2 | ||
15 | SRCREV = "d4790d2832aaac9152f450e06661511067592227" | ||
16 | |||
17 | SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \ | ||
18 | file://0001-update-ca-certificates-remove-c-rehash.patch \ | ||
19 | file://0002-update-ca-certificates-use-SYSROOT.patch \ | ||
20 | file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ | ||
21 | file://default-sysroot.patch \ | ||
22 | file://sbindir.patch" | ||
23 | |||
24 | S = "${WORKDIR}/git" | ||
25 | |||
26 | inherit allarch | ||
27 | |||
28 | EXTRA_OEMAKE = "\ | ||
29 | 'CERTSDIR=${datadir}/ca-certificates' \ | ||
30 | 'SBINDIR=${sbindir}' \ | ||
31 | " | ||
32 | |||
33 | do_compile_prepend() { | ||
34 | oe_runmake clean | ||
35 | } | ||
36 | |||
37 | do_install () { | ||
38 | install -d ${D}${datadir}/ca-certificates \ | ||
39 | ${D}${sysconfdir}/ssl/certs \ | ||
40 | ${D}${sysconfdir}/ca-certificates/update.d | ||
41 | oe_runmake 'DESTDIR=${D}' install | ||
42 | |||
43 | install -d ${D}${mandir}/man8 | ||
44 | install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/ | ||
45 | |||
46 | install -d ${D}${sysconfdir} | ||
47 | { | ||
48 | echo "# Lines starting with # will be ignored" | ||
49 | echo "# Lines starting with ! will remove certificate on next update" | ||
50 | echo "#" | ||
51 | find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \ | ||
52 | sed 's,^${D}${datadir}/ca-certificates/,,' | ||
53 | } >${D}${sysconfdir}/ca-certificates.conf | ||
54 | } | ||
55 | |||
56 | do_install_append_class-target () { | ||
57 | sed -i -e 's,/etc/,${sysconfdir}/,' \ | ||
58 | -e 's,/usr/share/,${datadir}/,' \ | ||
59 | -e 's,/usr/local,${prefix}/local,' \ | ||
60 | ${D}${sbindir}/update-ca-certificates \ | ||
61 | ${D}${mandir}/man8/update-ca-certificates.8 | ||
62 | } | ||
63 | |||
64 | pkg_postinst_${PN} () { | ||
65 | SYSROOT="$D" update-ca-certificates | ||
66 | } | ||
67 | |||
68 | CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" | ||
69 | |||
70 | # Postinsts don't seem to be run for nativesdk packages when populating SDKs. | ||
71 | CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt" | ||
72 | do_install_append_class-nativesdk () { | ||
73 | SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates | ||
74 | } | ||
75 | |||
76 | do_install_append_class-native () { | ||
77 | SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates | ||
78 | } | ||
79 | |||
80 | BBCLASSEXTEND += "native nativesdk" | ||